Website security is a critical aspect for all businesses, not a luxury. Cyber threats, hackers, and malware can target any website, regardless of its size...
MoeSec Research Blog
A Vulnerability in LiteSpeed Cache WordPress Plugin CVE-2024-47374
A new vulnerability in the LiteSpeed Cache WordPress plugin. This plugin is widely used for optimizing website performance through caching. The vulnerability allows attackers to...
Analysis of a New Balada Malware Variant found on WordPress Websites
The Balada Injector is a well-known family of malware that primarily targets WordPress sites. It mass-injects malicious JavaScript into websites, often taking advantage of vulnerabilities...
WAF vs CMS Firewall Security Plugins
For robust security, especially in high-risk environments, a WAF like MoeSec offers an additional layer of defense that mitigates risks associated with CMS security plugins....
Analysis of a newly found Malicious JavaScript on WordPress Sites
The MoeSec security team recently discovered a piece of malicious JavaScript on a WordPress website. This script was injected using the Simple Custom CSS and...
Credit Card Skimmer Targeting eCommerce Websites using Magento, WooCommerce and OpenCart: Analysis and Mitigation
This article analyzes a specific skimmer affecting Magento, WooCommerce, and OpenCart based websites, deciphers its malicious code, discusses how it operates, and provides steps for...
New wave of SocGholish JavaScript malware injection Found on many WordPress Websites
New wave of SocGholish JavaScript malware injection Found on many WordPress Websites loading malicious code from MEMORYLOADER[.]COM
Uncovering Encoded JavaScript Malware: Analysis of a new Malware Campaign
MoeSec security researchers recently discovered a new strain of javascript malware that utilizes advanced encoding techniques to evade detection. This malware leverages a combination of...
New encodediagnosisrelish javascript malware injection utilizing WP Rocket to delay execution
New encodediagnosisrelish javascript malware injection utilizing WP Rocket to delay execution.
A Comprehensive Guide to Cleaning a Hacked Website and Preventing Future Attacks
In today's digital landscape, website security is of utmost importance. Hackers are constantly seeking vulnerabilities to exploit and compromise websites. In this article, we will...